In March, as the COVID-19 pandemic was gaining a foothold globally and lockdowns were becoming the norm, cyber threat actors saw an opportunity to take advantage of people’s fears and increased use of digital channels. Understandably, human nature drove individuals to get as much information as possible on the potential impact of the pandemic. In April, the BBC reported that Google alone was blocking 18 million coronavirus scam emails every day.
CGI’s Security Operations Centers also experienced an increase in threats related to COVID-19, including malware, weaponized websites and phishing emails.
Emails purporting to come from trusted organizations, such as the U.S. Centers for Disease Control and Prevention and World Health Organization, or from government health advisors, quickly lured individuals onto their hook. Many of these emails sent people to what appeared to be legitimate websites showing the spread of the coronavirus, while at the same time downloading a computer virus onto the reader’s machine.
Education is the best defense
While Secure Email Gateways continuously adapt to manage new threats, they are only as clever as their engine. Nothing currently compares to human intervention, where individuals are to be trained to spot potential phishing attacks and report them.
For many years, CGI has provided cyber education through client consulting engagements and security managed services to better prepare individuals to recognize and report malicious emails. Our training helps clients turn their workforce into a “crowdsourced cyber security organization,” and get them to think about emerging threats. Secure Email Gateways such as Proofpoint, Microsoft or McAfee do a good job, but they are not foolproof. Malicious emails will always get through because the threat actors change their tactics constantly and the engines need to be updated to recognize them.
Organizations that implement phishing training stand a better chance at succeeding against the wave of phishing attacks. Education is critical to help users recognize threats.
Safeguarding organizations through intelligence-led services
CGI uses phishing simulation and triage products to help deliver our training service. These products enable users to click on a single button to report suspicious emails. If they fail to recognize the threat and click on the link in a training email, they receive a message explaining why this was a phishing attempt, helping them recognize this type of email in the future.
CGI intelligence analysts also help organizations manage malicious emails. If employees report a suspicious email, our analysts review the email and quickly create a picture of the threat landscape and how it is changing. We don’t just rely on automated systems to detect email threats—we also have cyber experts who help proactively mitigate risks.
Reporting through these simulations and proactive risk mitigation services provides clients with a true sense of how well the organization is doing with its training, and how diligent their staff is becoming. It’s important to note that employees shouldn’t be penalized for clicking on a link. Rather, they should be educated to recognize these types of suspicious emails in the future, in fact, if the analysts are crafting the emails correctly, they probably will get through. This isn’t to prove how good the team is but to help the employees recognize the real threats and be prepared.
Encouragement is key. If an individual is “tricked” into clicking on a link in a simulation email, they can learn from this experience and go on to report real threats.
Remaining vigilant during unprecedented times
As people become more distracted in their day-to-day working environments, the chances of a bad email getting through increases. To provide a well-rounded and in-depth approach, organizations should combine an enterprise grade Secure Email Gateway, strong end point protection, and user education and crowdsourced reporting.
Individuals should be encouraged to click the “report phishing” button. If they report something that isn’t malicious, then they should receive feedback and have their email released. If it is malicious, the individual should know that their vigilance has helped the organization. In addition, the reporting “button” should be monitored by an intelligence-led team, rather than potentially leaving it to be resent into the same system that let it through in the first place.
In the new normal, education is key to helping people understand emerging threats. While they juggle work and life at home, we need to support individuals by providing the best possible environment. Our phishing services are at the forefront of this, helping stop the next email borne cyber threat. We provide relevant intelligence-led training to support a culture in which individuals are empowered to report potentially malicious emails. When you add this to our managed detection and response service with end point visibility and threat hunting, organizations are better equipped to deal with the threats they face on a daily basis.